Identity at the Core — IAM news, research, and community for security leaders

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account, "MSNightmare" said. "I have managed to get a 100% success rate on

By The Hacker News

THE REGISTER SECURITY

Miasma worms its way onto GitHub as attack kit goes open source

As if there weren't enough package poisonings to worry about

By The Register Security

MICROSOFT SECURITY BLOG

Reconstructing AI activity in investigations

Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster. The post Reconstructing AI activity in investigations appeared first on Microsoft Security Blog.

By Microsoft Security Blog

JUMPCLOUD BLOG

Offboarding Humans, Leaving Zombies: The New Workforce Risk

AI agents are redefining the workforce. Discover how IT and HR must partner to secure every identity and eliminate the risk of unmanaged Zombie Agents. The post Offboarding Humans, Leaving Zombies: The New Workforce Risk appeared first on JumpCloud.

By JumpCloud Blog

[ IMAGE ]

PAM

Palo Alto rebrands CyberArk as Idira — what PAM customers should do

The $25B acquisition closed in February. On May 12 Palo Alto announced Idira. Here is what changes for the operators who actually run CyberArk in production.

[ IMAGE ]

CIAM

Passkeys are everywhere, and almost nobody is using them

Nearly half of the top 100 consumer sites now support passkeys. Real adoption stalls at 5–10%. The fixes are not technical — they are CIAM design fixes.

[ IMAGE ]

Your IAM platform is not ready for AI agents

Every vendor announcement in 2026 mentions AI agents. Almost none explain how an agent authenticates, gets scoped credentials, and gets audited. Here is what the gap looks like.

[ IMAGE ]

COMPLIANCE

SOC 2 Type II Auditors Now Require Continuous Identity Posture Assessment

The audit landscape shifts from point-in-time reviews to evidence of ongoing access governance.

Guest Column

Dr. Amira Washington

CISO, Global Financial Services Corp

“Zero Trust without identity governance is just expensive network segmentation.”

In my 15 years leading identity programs across financial services, I've seen organizations pour millions into Zero Trust architecture while neglecting the fundamental question: who has access to what, and why?

Continue Reading →

Hot Topics — Vote for Next Guest Topic

Machine Identity Management at Scale

342 votes

AI-Powered Access Certification Reviews

287 votes

SCIM 2.0 Pain Points & Solutions

198 votes

Passwordless in Regulated Industries

156 votes

Identity Fabric vs. Identity Mesh

112 votes

Next IAM Event

CONFERENCEJun 12-13, 2026

Identity Week Europe

RAI Amsterdam · Amsterdam · Netherlands

Visit event site →

See full calendar →

Stay in the Loop

Weekly IAM intel, delivered.

🇨🇦

IAM in Canada

Regulation, innovation & incidents across the True North

[ FEATURED IMAGE ]

Federal Policy

Treasury Board Mandates Phishing-Resistant MFA Across All Federal Departments by Q4 2026

The new directive requires all Government of Canada systems to implement FIDO2-compliant authentication, phasing out SMS-based MFA.

Privacy

Bill C-27 AIDA Amendments Add Identity Verification Requirements for AI Systems

Yesterday

Provincial

Ontario Digital Identity Program Expands to Include Healthcare Provider Credentialing

2 days ago

Breach

Alberta Municipality Confirms Active Directory Compromise Affecting 45K Citizen Records

3 days ago

Industry

Canadian Banks Pilot Shared KYC Identity Network Using Verified Credentials

4 days ago

🇨🇦 Regulatory & Compliance Tracker

PIPEDA / Bill C-27

● Amendments in Senate Review

Pan-Canadian Trust Framework

● v2.0 Under Consultation

CSE ITSP.30.031

● Updated March 2026

Last reviewed: May 10, 2026

🚨 Oops... Another One

Live breach and vulnerability intelligence — updated as it happens

Breach Intelligence

● LIVE

CRITICAL

MedVault Health Systems — 2.3M Records

Misconfigured SCIM provisioning endpoint exposed patient identity data.

32m ago

CRITICAL

NordikPay — 890K OAuth Tokens Leaked

Exposed refresh tokens allowed unauthorized access to customer financial accounts.

2h ago

HIGH

TeleCom Asia — Employee Directory Breach

LDAP injection attack exposed 340K employee records including AD credentials.

4h ago

HIGH

EduConnect — Student SSO Compromise

Federated SAML assertion replay attack affected 45 university systems.

6h ago

MEDIUM

RetailMax — Loyalty Program Credential Stuffing

Automated attack compromised 120K accounts using previously breached credentials.

8h ago

Vulnerability Tracker

● LIVE

9.8

CVE-2026-31847 — FortiAuthenticator RCE

Unauthenticated remote code execution via crafted RADIUS authentication packet.

1h ago 8.7

CVE-2026-28391 — Okta OIDC Token Bypass

Token validation flaw allows authentication bypass in specific OIDC flow configurations.

3h ago 7.5

CVE-2026-29104 — PingFederate XXE

XML External Entity injection in SAML metadata parser allows SSRF.

5h ago 7.2

CVE-2026-30582 — Azure AD B2C Policy Injection

Custom policy XML injection allows privilege escalation in B2C tenants.

7h ago 5.4

CVE-2026-31205 — Keycloak Session Fixation

Session token not rotated after authentication in specific broker flows.

9h ago

Never Miss a Breach, CVE, or Industry Shift

Join thousands of IAM professionals getting the weekly Intelligence Brief every Monday morning.